Palo Alto Networks has released security updates to address five vulnerabilities in its products, including a critical flaw in the Expedition tool that could enable admin account takeover.

The new cyber-defense facility, dubbed NATO Integrated Cyber Defence Centre (NICC), will be located in Belgium at SHAPE and will consist of civilian and military experts from member states.

The Office of Management and Budget has issued a memorandum outlining the administration’s cybersecurity priorities for fiscal year 2026, aligning with the national cybersecurity strategy.

The US government is pressuring software manufacturers to address operating system command injection vulnerabilities following high-profile threat actor campaigns exploiting these flaws in 2024.

The U.S. Government Accountability Office’s annual assessment of the Defense Department’s IT spending revealed that several programs lack approved cybersecurity strategies, leaving them vulnerable to potential cyberattacks.

McAfee Labs has uncovered a unique malware delivery method called the “Clickfix” infection chain, which starts with users being directed to compromised websites and instructed to paste a script into a PowerShell terminal.

Federal research agencies will now require covered institutions to implement cybersecurity programs for research and development security due to threats from China. The goal is to increase awareness of security threats and enable apt responses.

Crystalray’s attack chain involves using various OSS tools for reconnaissance, scanning, and exploiting vulnerabilities. The group was first discovered in February using the “SSH-Snake” tool to exploit vulnerabilities in Atlassian Confluence.

FishXProxy is designed to evade detection and maximize credential theft attempts, equipped with features like traffic management to hide link destinations and a cross-project tracking capability for persistent targeting.